Threat group ShinyHunters continues its incessant campaign to torture companies trying to provide products and services to consumers, with no indication of letting up.
One of its latest victims, Medtronic, the manufacturer of medical devices, healthcare technologies, and therapies, confirmed that it was the victim of an April cyberattack where over nine million records from the company were stolen. ShinyHunters claimed responsibility. Medtronic recently notified affected customers, informing them that the data exposed during the attack included some customers’ names, contact information, dates of birth, Social Security numbers, and health-related information.
Although the data was compromised during the attack, Medtronic has confirmed that the attack did not impact its medical devices, and they remain safe to use.
Medtronic is offering affected customers 24 months of credit monitoring and identity theft protection services. If you receive a letter from Medtronic, it is important to follow the instructions provided.
While recent arrests and extraditions of individuals linked to Scattered Spider (another notoriously active threat actor group) are a positive development, I’m hopeful that similar law enforcement progress against ShinyHunters associates will follow soon.